Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

riot shouldn't try to load integrations from an integration manager unless the user has accepted that manager's privacy policies #6802

Closed
ara4n opened this issue May 25, 2018 · 5 comments · Fixed by matrix-org/matrix-react-sdk#3199

Comments

@ara4n
Copy link
Member

commented May 25, 2018

No description provided.

@ara4n ara4n changed the title riot shouldn't try to load integrations until users have consented riot shouldn't try to load integrations from an integration manager unless the user has accepted that manager's privacy policies May 25, 2018
@ara4n

This comment has been minimized.

Copy link
Member Author

commented May 25, 2018

We try to get an auth token from the integration manager regardless of whether the user has accepted that integration manager's policies (or even their HS's policies).

@ara4n

This comment has been minimized.

Copy link
Member Author

commented May 25, 2018

This is particularly unfortunate if the HS & integration manager are run by different parties (e.g. someone using a custom HS but using the scalar integ manager, especially as scalar is the default integ manager in SdkConfig.js), as the privacy acceptance mechanism on their HS doesn't help them with scalar.

@turt2live

This comment has been minimized.

Copy link
Member

commented May 25, 2018

Much like how synapse isn't required to force consent upon users, the API for this shouldn't assume the manager requires consent.

Also, please ping me when the PR is open or shoot me a message during development. I'd like to make sure Dimension supports this :)

@4nd3r

This comment has been minimized.

Copy link
Contributor

commented May 26, 2018

not only this, but there should be an option to turn off any 3rd party connection.

imagine corporate network, where this kind of behaviour will raise alarms or network is airgapped, so no point even trying.

@t3chguy

This comment has been minimized.

Copy link
Collaborator

commented May 26, 2018

You can do that by self hosting riot which is just a bunch of static files @4nd3r

@jryans jryans added the privacy label Mar 28, 2019
@lampholder lampholder added the p1 label Apr 30, 2019
@dbkr dbkr added this to In Progress in Workflow Jul 3, 2019
@dbkr dbkr self-assigned this Jul 3, 2019
@dbkr dbkr moved this from In Progress to In Review in Workflow Jul 10, 2019
Workflow automation moved this from In Review to In Test Jul 23, 2019
@jryans jryans moved this from In Test to In RC in Workflow Aug 1, 2019
@jryans jryans moved this from In RC to Done in Workflow Aug 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.